Inferring Dependencies in Cyber Systems

Dan Campbell, GTRI
Dana Randall
March 3, 2015


Modern cyber-physical systems are large and complex, and the mapping from resources to resultant capabilities is too complex for humans to reason about in real time. Diagnostic tools allow monitoring of resource availability, but without a clear understanding of how the resources affect capabilities, tactical decisions about which resources need the most defensive attention cannot be made. Manual description of the relationship between resources and capabilities is practical only for small systems. Automatic, explicit mapping remains an open engineering problem, and such a mapping may represent a dependency topology that is more complex than necessary to describe the system.

We seek algorithms to infer the relationship between resources and capabilities based on multiple observations of the readiness of resources and capabilities. In the language of Boolean satisfiability problems, we wish to find the Boolean expression that represents each of the capabilities of interest for a given system by repeated observations of the variables and the result of the expression. With this expression, we can run additional analyses to determine the most critical assets to protect and which assets are most redundant for a given capability. Questions of interest are: For a given capability and N resources, how many observations are required to construct the expression? For a given partial solution state, what observation will yield the most additional information about the expression? What is an optimal, or good, strategy for determining the expression?
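
The inference problem described above, sketched as an added example (not code from the project): it assumes the capability is a monotone function of its resources, meaning that restoring a resource never breaks the capability, which is an assumption of this example and not a claim made on the page. The resource names and observations are constructed.

```python
from itertools import combinations

RESOURCES = ("db", "dns", "web1", "web2")  # constructed resource names

# Constructed observations: (resources available, capability ready?)
OBSERVATIONS = [
    ({"db", "dns", "web1", "web2"}, True),
    ({"db", "dns", "web2"}, True),
    ({"db", "dns", "web1"}, True),
    ({"dns", "web1", "web2"}, False),
    ({"db", "dns"}, False),
    ({"db", "web1", "web2"}, False),
]

def bounds(observations):
    """Minimal ready sets (monotone DNF terms) and maximal not-ready sets."""
    ups = [frozenset(s) for s, ready in observations if ready]
    downs = [frozenset(s) for s, ready in observations if not ready]
    min_ups = {u for u in ups if not any(v < u for v in ups)}
    max_downs = {d for d in downs if not any(d < v for v in downs)}
    return min_ups, max_downs

def classify(available, min_ups, max_downs):
    """True/False when monotonicity forces the answer, None when still unknown."""
    available = frozenset(available)
    if any(u <= available for u in min_ups):
        return True
    if any(available <= d for d in max_downs):
        return False
    return None

def undetermined(resources, observations):
    """Every availability state the observations do not yet decide."""
    min_ups, max_downs = bounds(observations)
    states = (frozenset(c) for k in range(len(resources) + 1)
              for c in combinations(resources, k))
    return [s for s in states if classify(s, min_ups, max_downs) is None]

def critical(observations):
    """Resources present in every minimal ready set: single points of failure."""
    min_ups, _ = bounds(observations)
    return frozenset.intersection(*min_ups) if min_ups else frozenset()

if __name__ == "__main__":
    print("terms:", sorted(sorted(t) for t in bounds(OBSERVATIONS)[0]))
    print("critical:", sorted(critical(OBSERVATIONS)))
    print("undecided after 4:", len(undetermined(RESOURCES, OBSERVATIONS[:4])))
    print("undecided after 6:", len(undetermined(RESOURCES, OBSERVATIONS)))
```

Under the monotonicity assumption, six observations decide all sixteen availability states here, and any state returned by `undetermined` is a candidate for the next observation.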